Chromium Code Reviews
Description
Move the full Blink version envelope reading logic into V8ScriptValueDeserializer.
Doing a proper varint decode ensures that the code to read the version from the
envelope and the code that detects the envelope agree.
The fuzzer detected that it was possible to encode a small version number
with a large number of bytes (with the leading one being 0x80). This corrects
that and adds a test for that case.
BUG=697505
Review-Url: https://codereview.chromium.org/2731533002
Cr-Commit-Position: refs/heads/master@{#454467}
Committed: https://chromium.googlesource.com/chromium/src/+/43c2760715bdba5d474b1f0537244de8c7680ab6
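The mismatch described in the commit message, as an added illustration (not code from the Chromium change under review): one varint decoder is shared by envelope detection and version reading, so both agree on the version value and on where the envelope ends. The layout assumed here is a 0xFF tag byte followed by a little-endian base-128 varint, and NaiveVersion is a hypothetical shortcut that reads only the byte after the tag, the kind of divergence a fuzzer can find.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>
#include <vector>

// Assumed envelope layout: tag byte 0xFF, then a base-128 varint version.
constexpr uint8_t kVersionTag = 0xFF;

struct VarintResult {
  uint32_t value;
  size_t bytes_consumed;
};

// Decode a little-endian base-128 varint starting at data[offset].
// Returns nullopt if the input ends before the terminating byte or the
// value would need more than 32 bits (too many bytes, or excess high bits).
std::optional<VarintResult> ReadVarint(const std::vector<uint8_t>& data,
                                       size_t offset) {
  uint32_t value = 0;
  unsigned shift = 0;
  for (size_t i = offset; i < data.size(); ++i) {
    if (shift >= 32) return std::nullopt;           // sixth byte: overflow
    uint32_t chunk = data[i] & 0x7F;
    if (shift == 28 && (chunk >> 4) != 0) return std::nullopt;  // bits 32+
    value |= chunk << shift;
    if ((data[i] & 0x80) == 0) return VarintResult{value, i - offset + 1};
    shift += 7;
  }
  return std::nullopt;  // ran out of bytes in the middle of the varint
}

// Hypothetical naive detector: treats the byte after the tag as the whole
// version and ignores its continuation bit, so multi-byte encodings such as
// {0x80, 0x01} (value 128, two bytes) are misread as version 0, one byte.
std::optional<uint32_t> NaiveVersion(const std::vector<uint8_t>& data) {
  if (data.size() < 2 || data[0] != kVersionTag) return std::nullopt;
  return data[1] & 0x7F;
}

// Shared detector/reader: the envelope is present only if a complete varint
// decodes after the tag; the same decode yields the version and the offset
// at which the serialized payload begins.
std::optional<VarintResult> ReadVersionEnvelope(
    const std::vector<uint8_t>& data) {
  if (data.empty() || data[0] != kVersionTag) return std::nullopt;
  return ReadVarint(data, 1);
}

int main() {
  // Constructed input: version 0 spelled with four bytes, leading 0x80.
  std::vector<uint8_t> overlong{0xFF, 0x80, 0x80, 0x80, 0x00, 0x2A};
  auto env = ReadVersionEnvelope(overlong);
  return (env && env->value == 0 && env->bytes_consumed == 4) ? 0 : 1;
}
```

Because ReadVersionEnvelope returns bytes_consumed along with the value, the caller positions the payload at 1 + bytes_consumed rather than at a fixed offset of 2, which is where the single-byte shortcut would put it for the over-long encoding.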
Patch Set 1
Messages
Total messages: 12 (8 generated)